We currently blacklist [id] values that clobber DOM APIs:
|
attrs: { |
|
name: "id" |
|
# When updating this blacklisted_value_regex, also update for |
|
# mandatory-id-attr. |
|
blacklisted_value_regex: "(^|\\s)(" # Values are space separated |
|
"__amp_\\S*|" |
|
"__count__|" |
|
"__defineGetter__|" |
|
"__defineSetter__|" |
|
"__lookupGetter__|" |
|
"__lookupSetter__|" |
|
"__noSuchMethod__|" |
|
"__parent__|" |
|
"__proto__|" |
|
"__AMP_\\S*|" |
|
"\\$p|" |
|
"\\$proxy|" |
|
"acceptCharset|" |
|
"addEventListener|" |
|
"appendChild|" |
|
"assignedSlot|" |
|
"attachShadow|" |
|
"AMP|" |
|
"baseURI|" |
|
"checkValidity|" |
|
"childElementCount|" |
|
"childNodes|" |
|
"classList|" |
|
"className|" |
|
"clientHeight|" |
|
"clientLeft|" |
|
"clientTop|" |
|
"clientWidth|" |
|
"compareDocumentPosition|" |
|
"computedName|" |
|
"computedRole|" |
|
"contentEditable|" |
|
"createShadowRoot|" |
|
"enqueAction|" |
|
"firstChild|" |
|
"firstElementChild|" |
|
"getAnimations|" |
|
"getAttribute|" |
|
"getAttributeNS|" |
|
"getAttributeNode|" |
|
"getAttributeNodeNS|" |
|
"getBoundingClientRect|" |
|
"getClientRects|" |
|
"getDestinationInsertionPoints|" |
|
"getElementsByClassName|" |
|
"getElementsByTagName|" |
|
"getElementsByTagNameNS|" |
|
"getRootNode|" |
|
"hasAttribute|" |
|
"hasAttributeNS|" |
|
"hasAttributes|" |
|
"hasChildNodes|" |
|
"hasPointerCapture|" |
|
"i-amphtml-\\S*|" |
|
"innerHTML|" |
|
"innerText|" |
|
"inputMode|" |
|
"insertAdjacentElement|" |
|
"insertAdjacentHTML|" |
|
"insertAdjacentText|" |
|
"isContentEditable|" |
|
"isDefaultNamespace|" |
|
"isEqualNode|" |
|
"isSameNode|" |
|
"lastChild|" |
|
"lastElementChild|" |
|
"lookupNamespaceURI|" |
|
"namespaceURI|" |
|
"nextElementSibling|" |
|
"nextSibling|" |
|
"nodeName|" |
|
"nodeType|" |
|
"nodeValue|" |
|
"offsetHeight|" |
|
"offsetLeft|" |
|
"offsetParent|" |
|
"offsetTop|" |
|
"offsetWidth|" |
|
"outerHTML|" |
|
"outerText|" |
|
"ownerDocument|" |
|
"parentElement|" |
|
"parentNode|" |
|
"previousElementSibling|" |
|
"previousSibling|" |
|
"querySelector|" |
|
"querySelectorAll|" |
|
"releasePointerCapture|" |
|
"removeAttribute|" |
|
"removeAttributeNS|" |
|
"removeAttributeNode|" |
|
"removeChild|" |
|
"removeEventListener|" |
|
"replaceChild|" |
|
"reportValidity|" |
|
"requestPointerLock|" |
|
"scrollHeight|" |
|
"scrollIntoView|" |
|
"scrollIntoViewIfNeeded|" |
|
"scrollLeft|" |
|
"scrollWidth|" |
|
"setAttribute|" |
|
"setAttributeNS|" |
|
"setAttributeNode|" |
|
"setAttributeNodeNS|" |
|
"setPointerCapture|" |
|
"shadowRoot|" |
|
"styleMap|" |
|
"tabIndex|" |
|
"tagName|" |
|
"textContent|" |
|
"toString|" |
|
"valueOf|" |
|
"(webkit|ms|moz|o)dropzone|" |
|
"(webkit|moz|ms|o)MatchesSelector|" |
|
"(webkit|moz|ms|o)RequestFullScreen|" |
|
"(webkit|moz|ms|o)RequestFullscreen" |
|
")(\\s|$)" |
|
} |
But we don't blacklist custom AMP globals that are set on the window by AMP JS, e.g.
|
return (win.AMP_MODE = getMode_(win)); |
The following AMP globals are added on a minimal AMP page after startup:
AMPErrors
AMP_CONFIG
AMP_MODE
AMP_TAG
BaseCustomElementClass
UrlCache
__AMP_TOP
__AMP__EXPERIMENT_TOGGLES
ampExtendedElements
reportError
services
Some extensions also set globals -- the same survey done on examples/article.amp.html yields:
3pla
AMPErrors
AMP_CONFIG
AMP_FAST_FETCH_SIGNATURE_VERIFIER_
AMP_MODE
AMP_TAG
BaseCustomElementClass
UrlCache
__AMP_TOP
__AMP__EXPERIMENT_TOGGLES
ampAdGoogleIfiCounter
ampAdPageCorrelator
ampAdSlotIdCounter
ampExtendedElements
defaultBootstrapSubDomain
experimentBranches
gaGlobal
goog_identity_prom
listeningFors
log
reportError
services
Short-term, we can blacklist the minimal set of AMP globals. This may break some pages due to generic names like "services".
Long-term, it would be nice to migrate all custom AMP globals to the same prefix (e.g. __AMP_) and blacklist that prefix. Then introduce a presubmit that checks that assignment operations of the form win.foo = bar obey the prefix rule.
See b/139534623 for more context.